March 23rd, 2018

The best building control and security systems can be defeated by something very simple: insecure passwords.

Easily compromised passwords expose vulnerabilities and make it possible for disgruntled former employees, hackers or other bad actors to wreak havoc.
Each year, SplashData releases its list of the worst passwords. The list is culled from passwords revealed by hacking attacks from that year. It’s hard to believe, but passwords such as “123456” and “qwerty” and even “password” still make the list, despite perennial warnings that these passwords are not secure.

Why do businesses spend thousands on sophisticated security and building control systems, only to leave them open to easy attacks? It’s a bit like installing a very fancy lock on your front door, and leaving the key in place.

Here are a few dos and don’ts for creating and maintaining more secure passwords:

Don’t use familiar terms
Names, significant dates and other personal details make it possible for hackers to guess your password. Especially as our lives are lived more and more online, and hackers become more and more sophisticated, it becomes fairly easy to discover your favorite team is UK and your favorite color is blue and your mother’s maiden name is Smith. Using any of those terms in a password is risky. Instead, use nonsense, unrelated terms. Be sure to mix capital letters in, as well as a digit or a symbol. You might even consider using an automated random password generator.

Don’t share
Don’t share passwords between accounts and systems. Sharing passwords between accounts and systems is a huge temptation, and almost everyone does it. But it makes it extremely easy for hackers to take over not just one account, but an entire identity.

Do change passwords regularly
Change passwords regularly, but not too frequently. Change passwords any time your business has a personnel change. When you have turnover, change any password used by that person at any time.
Encourage all personnel to change passwords annually. Any more frequently will likely result in compliance challenges.
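
The dos and don’ts above, applied as an audit over a set of stored passwords plus a random generator. This is an added example, not code from the original post; the function names, account names, sample passwords and symbol set are constructed for illustration, and the familiar terms are the ones the post mentions.

```python
import secrets
import string
from collections import defaultdict

WORST = {"123456", "qwerty", "password"}  # the entries the post quotes
SYMBOLS = "!@#$%^&*-_=+?"                 # assumed symbol set

def check_password(candidate, personal_terms=()):
    """Return the rules from the post that one password breaks."""
    problems, lowered = [], candidate.lower()
    if lowered in WORST:
        problems.append("on the worst-passwords list")
    hits = sorted(t for t in personal_terms if t and t.lower() in lowered)
    if hits:
        problems.append("contains familiar term: " + ", ".join(hits))
    if not (any(c.isupper() for c in candidate) and any(c.islower() for c in candidate)):
        problems.append("no mix of capital and lowercase letters")
    if not any(c.isdigit() or not c.isalnum() for c in candidate):
        problems.append("no digit or symbol")
    return problems

def audit_vault(vault, personal_terms=()):
    """vault maps account -> password; returns account -> list of problems."""
    accounts_by_password = defaultdict(list)
    for account, password in vault.items():
        accounts_by_password[password].append(account)
    report = {}
    for account, password in vault.items():
        problems = check_password(password, personal_terms)
        shared = sorted(a for a in accounts_by_password[password] if a != account)
        if shared:
            problems.append("shared with: " + ", ".join(shared))
        if problems:
            report[account] = problems
    return report

def generate_password(length=16, personal_terms=()):
    """Random password from the OS CSPRNG, retried until it passes the checks."""
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, personal_terms):
            return candidate

# Constructed sample data; account names and passwords are hypothetical.
PERSONAL = ["UK", "blue", "Smith"]
SAMPLE_VAULT = {"hvac-controller": "qwerty", "door-access": "BlueSmith1",
                "camera-nvr": "BlueSmith1",
                "email": generate_password(personal_terms=PERSONAL)}
print(audit_vault(SAMPLE_VAULT, PERSONAL))
```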

December 19th, 2017

The Internet of Things (IoT) is going to be awesome and change the way we do everything.

Just as soon as we figure out what it is.

That’s one finding from a study conducted earlier this year by trade groups in the UK. According to the study, more than 40 percent of respondents were unfamiliar with the term “Internet of Things.”

So, what exactly is IoT? According to Techopedia, “The internet of things (IoT) is a computing concept that describes the idea of everyday physical objects being connected to the internet and being able to identify themselves to other devices. … The IoT is significant because an object that can represent itself digitally becomes something greater than the object by itself. No longer does the object relate just to its user, but is now connected to surrounding objects and database data. When many objects act in unison, they are known as having ‘ambient intelligence.’”
In lay terms, that means that all sorts of appliances and equipment and tools can now talk to each other, making it possible to optimize for efficiency, gather data and more.

IoT has been at the top of annual trend lists for several years running, according to Energy Manager Today, but still has a ways to go before fully taking hold as the way commercial, industrial and manufacturing facilities are built and operated.
What are the barriers to full IoT adoption?

Legacy systems and piecemeal approaches. Retrofitting existing systems is a challenge.

Security. Some IoT products and tools have been used to exploit internet security weaknesses and launch attacks. That’s on top of the risk of having sensitive internal data available on the internet for exposure. It’s a concern for facilities managers and security professionals that must be overcome.

Funding. Upgrading can be an expensive proposition, especially if the business case isn’t clear.

What’s keeping you from fully embracing IoT for your facility? Where does it make sense to move forward with proven applications? How can IoT be installed securely? We can walk you through these questions and more. Call us at (800) 567-1180.

October 11th, 2017

A new attack aimed at every computer, mobile device, smart TV or other IoT device running Android, Linux, Windows, or a version of iOS before 10 could open up your systems and facilities to a number of significant vulnerabilities.

The newly-identified “BlueBorne” vector “allows attackers to take control of devices, access corporate data and networks, penetrate secure ‘air-gapped’ networks, and spread malware laterally to adjacent devices,” according to digital security experts at Armis.

Unlike other malicious digital attacks, BlueBorne requires no action on the part of the user to work. It’s an “airborne” attack that spreads through Bluetooth connections. Users don’t have to click a link, download an app, or take any other action to spread the attack. It simply spreads itself.

Once BlueBorne gains access to a device, the device can be exploited for espionage, theft, ransom or DDoS attacks.

Considering the rapid growth of IoT connected devices, and the prevalence of the use of mobile devices to control everything from building access to critical systems, both IT and facility managers should rightly be concerned.

But according to HID, users of its products have limited exposure to risk. Its HID iClass SE readers are unaffected by BlueBorne.

Mobile devices that interact with their readers could be at risk of infection, however. To reduce risk and avoid infection, all mobile device users who interact with HID readers should be instructed to download the latest security updates for their device, and make sure they are kept up to date. All smart devices running iOS 9.3.5 or lower are affected, as are all Bluetooth-capable Android devices that have not yet been updated to the latest Android security update released by Google in September.

Another route for concerned Android users would be to disable Bluetooth and rely on Near Field Communication (NFC) to access facilities.

For concerns about other types of systems that rely on Bluetooth or interact with Bluetooth-connected devices, contact the manufacturer of those products for specific details. You can also contact our IT team at (800) 567-1180 for system design information and guidance.

September 14th, 2017

Security systems and communications systems used to be two entirely different propositions.


Security teams were responsible for evaluating and procuring video cameras, ID badge systems and the like for their particular use cases. They oversaw the installation and use of those systems, and owned any associated data.

Communications systems were typically owned by IT teams. They evaluated and procured phone and conferencing systems for their particular use cases, oversaw the installation and use, and owned any associated data from those systems.

Security and communications systems operated differently, with no connection, often on entirely different networks.

All that is changing. The move away from analog systems to digital was the first step towards converging security and communications systems. The next step is figuring out how to make disparate IT and security systems work together and exchange data.
Through its DevConnect program, Avaya, a segment leader in communications systems, has opened the door to convergence a little more. The program empowers partners to create, verify and market Avaya-enabled solutions. DevConnect offers access to almost all SDKs offered by Avaya products, as well as technical education, tutorials and sample applications, forums, and in some cases, technical developer support on the use of Avaya APIs.

Axis, an ETC Services partner and market leader in security systems, is an active participant in Avaya’s DevConnect program. Through the partnership, they’ve developed integrations between their Network Door Stations and Avaya systems. Axis Network Door Stations combine communication, video surveillance and remote entry control into a single device, and allow users to identify visitors and grant them access to a facility from a single platform, from anywhere in the world.

Perhaps more powerfully, converging the security and communications systems means data can be combined. Security data that was once entirely separate can now be integrated with other data streams and used for other business purposes, extending the value.

For more on how Avaya and Axis are partnering together, listen to this episode from the Avaya DevConnect 8 & Out podcast.

August 7th, 2017

On August 21, the United States will experience a solar eclipse. The path of totality where the sun will be completely eclipsed will cut a 70-mile wide swath from Oregon in the Pacific Northwest to Charleston, SC on the Southeast Atlantic coast.

The path will cut through West Kentucky, with the city of Hopkinsville serving as the epicenter of the eclipse. The point of greatest eclipse – where the sun, moon and earth align perfectly – will take place over Hopkinsville for two minutes and forty seconds at 2:24:41 pm ET on the day of the eclipse.

The last time the U.S. experienced an eclipse of this magnitude was nearly 100 years ago, in 1918.

The eclipse will be a scientific and educational boon, and it will certainly be an economic boon to the areas in the path of totality, particularly Hopkinsville.

What will the eclipse mean in terms of the power grid? Safety and security?

States that rely heavily on solar power will see a significant impact, according to a report in Energy Manager Today. California, North Carolina, Utah and Nevada are all expected to be impacted.

The effect of the eclipse will be the equivalent of shutting down several nuclear reactors at once, according to the report. Fortunately, most customers shouldn’t have any interruptions in service. Utilities have had plenty of time to prepare and test systems, and systems have multiple redundancies built in. That, coupled with the rolling nature of the event should mean the lights remain on even when it grows dark around mid-afternoon.

Communities in the path of totality are expecting significant infrastructure implications. Hopkinsville could more than double its population for the day. All those out of town visitors will rely on apps on their smartphones to navigate and communicate. The increased traffic will surely overwhelm cell towers. In anticipation, additional temporary cell towers are being added.

Traffic is also expected to be a problem, with last minute visitors clogging I-24 and the Pennyrile Parkway. The region doesn’t boast nearly enough beds to accommodate the influx of visitors, so temporary campgrounds are being set up in vacant fields and porta potties are being brought in to address sanitary concerns. Since the late August weather could be hot and steamy, cooling stations are being set up at key areas, too.

EMS responders are training, and officials are considering National Guard support as well.
The takeaway for businesses? Preparation and communication are key for remaining steady during significant events that are beyond your control. Coordination among businesses, government agencies and other partners is key.

June 1st, 2017

In recent weeks, hackers have taken hundreds of thousands of computers captive through the WannaCry ransom attack.


What is a ransom attack? Using this type of attack, hackers lock down a computer’s data and hold it hostage until the victim of the attack agrees to pay a ransom.
The implications are far from benign, and could indeed be life-threatening. Hospitals in the UK were particularly hard-hit, and without access to records were forced to turn some patients away.
On the heels of WannaCry, news broke that thieves dumped a database with 560 million passwords on the Internet. Many of the records were compiled from previous hacks, including LinkedIn, Dropbox, MySpace and Tumblr.
The password dump poses a significant risk to personal and business data, as many use the same passwords across multiple platforms and services.
Both of these attacks highlight this truth: security extends far beyond the physical space. Increasingly, organizations must be vigilant about protecting themselves and their customers in cyberspace, too.
What can you do to protect yourself and your business? The steps are simple, and you’ve probably heard them before, but it’s worth repeating.
Don’t reuse passwords. Just don’t. Strongly consider purchasing a secure password generator and storage solution. Don’t forget to change passwords regularly, too, and never leave default administrative passwords in place.
Keep connections minimal. Only network and connect to the internet when necessary, and in those circumstances work to minimize exposure and secure connections. Following the DDoS attack that took down Spotify and Twitter last fall, we put together this Q and A with Anthony Tatman, our director of IT.
Keep software updated. Make sure you don’t use pirated versions of software; you’ll miss out on critical updates. When updates and patches are released, update promptly. Hackers rely on software vulnerabilities to worm their way into systems.
Beware of phishing attacks. Never open emails or documents from sources you don’t recognize. Even if you recognize the source or it seems legitimate, exercise caution. Be aware of uncharacteristic language or strange file extensions.